Is Your Password Strong Enough?

In December of last year, a hacker gained access to more than 32 million usernames and passwords from the users of RockYou. After obtaining and studying the data from that hack, data security firm Imperva has come up with a list of the top ten most common passwords. In reading the list of passwords, I felt the need to pick my mouth up off of the floor. In this day and age of Identity Theft, people are still using things such as 123456 as a password!

The report states that “Nearly 50 percent of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on).” That is absolutely insane. I understand that most people in the world are not uber Geeks. I get that not everyone is a “power user”. But anyone who has turned on a computer and connected it to the Internet has heard of the dangers of having your information hacked.

Have we gotten lazy? Do people feel as though it’ll never happen to them? After all, you aren’t rich, or famous. Why would someone want to hack you? People don’t realize that it’s the average Joe that many hackers are after. They want your social security number. They want your health records. They aren’t trying to bilk you out of millions of dollars. They just want your information so that they can use it to their own advantage.

Making up strong passwords is not a difficult thing to do. You don’t even have to come up with one all by yourself (I don’t!). There are several different types of password generators available – many of which are free. PC Tools happens to have an excellent (and reputable) password generator. You can also use the super-secure password generator on GRC. That one will create a 64-character random – and unique – password. You can use as many characters of it as you wish.

There’s also a service available to find out how secure your passwords are. The Password Meter will give you a score, based on a specific set of criteria. The Password Meter checks for minimum requirements of at least eight characters, and at least 3 out of the following 4: uppercase letters, lowercase letters, numbers and symbols.
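The minimum requirements quoted above, together with the random generation described earlier, can be checked and done locally. The following is an added example, not code from the Password Meter, GRC, PC Tools or this post; the sequence list, the run threshold of 4 and all function names are assumptions made for illustration. It also flags the consecutive-digit and adjacent-key patterns the Imperva report calls out, which a composition rule alone does not catch.

```python
import secrets
import string

# Assumed sequence list: digit runs plus the three letter rows of a QWERTY keyboard.
SEQUENCES = ("0123456789", "1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def meets_minimum(password):
    """At least 8 characters and at least 3 of the 4 character classes."""
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return len(password) >= 8 and sum(classes) >= 3


def longest_run(password):
    """Longest substring that walks one of SEQUENCES forwards or backwards."""
    lowered, best = password.lower(), 0
    for seq in SEQUENCES:
        for direction in (seq, seq[::-1]):
            for i in range(len(lowered)):
                for j in range(i + best + 1, len(lowered) + 1):
                    if lowered[i:j] not in direction:
                        break
                    best = j - i
    return best


def assess(password, max_run=4):
    """Return the problems found; an empty list means neither check fired."""
    problems = []
    if not meets_minimum(password):
        problems.append("below minimum requirements")
    if longest_run(password) >= max_run:
        problems.append("contains a keyboard or digit sequence")
    return problems


def generate(length=20):
    """Random password from the OS CSPRNG, redrawn until assess() is clean."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not assess(candidate):
            return candidate
```

A constructed password such as `Qwerty123!` passes the eight-character, three-of-four rule yet is still flagged for its keyboard run, which is why composition rules on their own say little about strength.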

Do yourself – and your identity – a favor. Never use the same password twice. Don’t use a password that is any combination of your birthdate, your child’s birthdate, or your pet’s name. Take the time to be sure your passwords are secure, and to change them periodically.

  • kevin

    Oh no, not me. My passwords go all the way to "11"!

  • People are probably not aware, but we have to be extra cautious. There are plenty of articles on the Internet on how to hack a password. It is actually very easy.

  • Jenga

    Have you considered that perhaps the reason people use easy passwords is because they don't have any "sensitive" information on their account?

    Don't get me wrong, the e-mail account I'm using to post this comment for example has a 14 digit password composed of a symbol, two unrelated dictionary words and a number. Even so, the account itself contains no important information

    Overall, the only way to stay secure is to prevent your information from getting online in the first place. The only way someone could find out my personal info is by breaking into banking or government computers for example

  • @Jenga, yes I agree that most of the people only keep personal information on emails, so that would not be interesting to hackers. But, some of them store for example PayPal passwords in email, and that could present a problem. Another thing that can occur is that hackers can use your emails to send spam messages to all your contacts or to third parties too.

  • Jenga

    @Sandrina

    I agree that writing down any password or sensitive info in a non secure medium is a thoughtless practice which allows bh to gain access, but that is a completely different security problem which revolves around meat choices compared to the "crackability" of encryption due to low password complexity

    What I'm trying to say is that your scenarios present 90% of security issues on the net today, simple mistakes or social engineering
    Whereas Kat is talking about password complexity, which isn't even an issue if one takes care with info

    You're right though, bh and malware distributors rely on a cascade of failures which happen simply due to large base of users and statistically probable failures (human error):

    1. For example, 2 million usernames and passwords from the users of RockYou were compromised
    2. A spam snail-mail message may be sent to a certain number of people (how much... depending on the capabilities and determination of bh) to their mandatory ZIP telling them they won a prize through RockYou (likely a CD with their personal favorite list of music, inconspicuously loaded with spyware)
    3. Less than 10% would load the CD, mostly kids
    4. You could use those compromised computers to access possibly their parents account info or maybe you can use their computers as a botnet to compromise even more computers

    Boom, not a bad week's work; all simply because a cascade of statistically probable failures which were bound to happen... happened

    Password security is important for many users... but I still maintain that given the multitude of other avenues of attack which could be stopped with simple common sense, password security is the least of your worries

  • cityslicker farmhand

    EGAD! passwordmeter dot com ? ? and THAT website is registered through a "secret" registrar -- no WAY I'd "test" any of my passwords! THAT would only put them into a DATABASE of "passwords" which could be used by a fast-executing program hacking into websites.

  • YancyB

    Omg xD lol
    didn't realise soo many people actually share the same password!!!! Lol
    I'm safe 8D nobody knows me so..and why put a list up of popular passwords? That's practically begging people to hack into people's accounts

  • wow 12345 that's my fav pass 😉

  • Glorious 20+ character randomly generated master race, reporting for duty.